CRUD
v1.0.3管理OpenClaw操作按CRUD分类,创建查询无审批,更新编辑删除需返回操作清单并二次确认。
⭐ 0· 114·0 current·0 all-time
bySlava Chan@uynewnas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (CRUD approval gating) match the SKILL.md, CLAUDE.md, README and examples. The skill declares no env vars, binaries, or installs, which is reasonable for an instruction-only governance/workflow skill.
Instruction Scope
Instructions are narrowly focused on classifying operations and requiring user confirmation for Create/Update/Edit/Delete. However, the policy explicitly allows Read operations to execute immediately (file reads, directory listing, search) with no approval. That is consistent with the stated design but grants broad read access which could surface sensitive data; the skill gives no guidance on limiting read scope or filtering sensitive files.
Install Mechanism
This is an instruction-only skill with no install spec and no code to fetch or execute. That minimizes installation risk.
Credentials
The skill requests no environment variables, credentials, or special config paths — consistent and proportionate for a policy/approval skill.
Persistence & Privilege
Metadata flags show no 'always' privilege (always: false) and normal autonomous invocation is allowed. The documentation text says the skill is 'automatically injected into sessions,' which is misleading relative to the flags; confirm how your OpenClaw deployment will load/inject the skill before trusting automatic behavior. The skill does not request system-wide privileges or modify other skills.
Assessment
This skill appears to do what it claims: classify operations and require confirmation for writes. Before installing: 1) Be aware that 'Read' operations are allowed without confirmation — in sensitive environments you may prefer a stricter policy or to limit the skill's ability to read certain paths. 2) Verify how your OpenClaw instance loads/injects skills (the docs in the package say it's 'automatically injected' which conflicts with the manifest flags); ensure it won't be auto-enabled in contexts you don't expect. 3) Test in a non-production environment to confirm the confirmation flow works and that action lists accurately list affected files. 4) Use the provided uninstall steps if you need to remove it. 5) Only install from a trusted source; this package has no homepage or verified publisher metadata, so validate the origin if you rely on it in production.Like a lobster shell, security has layers — review code before you run it.
latestvk97dzafnb43ay3wdwhjkd123n583d15m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.